#!/bin/sh

set -e

setperm() {
  local user="$1"
  shift
  local group="$1"
  shift
  local mode="$1"
  shift
  local file="$@"

  # Only do something when no setting exists - if it was set, then it's already
  # been unpacked using the appropriate ownership and permissions.
  if ! dpkg-statoverride --list "$file" >/dev/null 2>&1; then
    chown "$user":"$group" "$file"
    chmod "$mode" "$file"
  fi
}

case "$1" in
  configure)
    # If the package has default file it could be sourced, so that
    # the local admin can overwrite the defaults

    [ -f "/etc/default/rundeck" ] && . /etc/default/rundeck
   
    # Sane defaults:
   
    [ -z "$SERVER_HOME" ] && SERVER_HOME=/var/lib/rundeck
    [ -z "$SERVER_USER" ] && SERVER_USER=rundeck
    [ -z "$SERVER_NAME" ] && SERVER_NAME="Rundeck user account"
    [ -z "$SERVER_GROUP" ] && SERVER_GROUP=rundeck

    # create user to avoid running server as root
    # 1. create group if not existing
    if ! getent group | grep -q "^$SERVER_GROUP:" ; then
       echo -n "Adding group $SERVER_GROUP.."
       addgroup --quiet --system $SERVER_GROUP 2>/dev/null ||true
       echo "..done"
    fi
    # 2. create homedir if not existing
    test -d $SERVER_HOME || mkdir $SERVER_HOME
    # 3. create user if not existing
    if ! getent passwd | grep -q "^$SERVER_USER:"; then
      echo -n "Adding system user $SERVER_USER.."
      adduser --quiet \
              --system \
              --ingroup $SERVER_GROUP \
              --no-create-home \
              --disabled-password \
              $SERVER_USER 2>/dev/null || true
      echo "..done"
    fi

    # 4. adjust passwd entry
    usermod -c "$SERVER_NAME" \
            -d $SERVER_HOME   \
            -g $SERVER_GROUP  \
               $SERVER_USER

    # 5. adjust file and directory permissions
    setperm rundeck rundeck 0750 /var/lib/rundeck/work
    setperm rundeck rundeck 0750 /var/lib/rundeck/data
    setperm rundeck adm 2751 /var/lib/rundeck/logs
    setperm rundeck rundeck 0750 /var/lib/rundeck/var
    setperm rundeck rundeck 0750 /var/lib/rundeck/var/tmp
    setperm rundeck rundeck 0750 /var/lib/rundeck/var/tmp/pluginJars
    setperm rundeck rundeck 0750 /var/rundeck
    setperm rundeck rundeck 0750 /var/rundeck/projects
    setperm rundeck adm 2751 /var/log/rundeck
    setperm rundeck rundeck 0750 /var/lib/rundeck/bootstrap
    setperm rundeck rundeck 0750 /var/lib/rundeck/cli
    setperm rundeck rundeck 0750 /var/lib/rundeck/exp
    setperm rundeck rundeck 0750 /var/lib/rundeck/libext
    setperm rundeck rundeck 0750 /tmp/rundeck
    setperm rundeck rundeck 0750 /etc/rundeck/ssl
    find /etc/rundeck/ -maxdepth 2 -type f -print0 | xargs -0 chown rundeck:rundeck
    find /etc/rundeck/ -maxdepth 2 -type f -print0 | xargs -0 chmod 0640

    # 6. set correct owner/permissions for service.log if it already exists
    [ -f /var/log/rundeck/service.log ] && setperm rundeck adm 0664 /var/log/rundeck/service.log

    # 7. generate UUID for server if not present
    DIR=/etc/rundeck
    if  ! grep -E '^\s*rundeck.server.uuid\s*=\s*.{8}-.{4}-.{4}-.{4}-.{12}\s*$' $DIR/framework.properties ; then
        uuid=$(uuidgen)
        echo "\n# ----------------------------------------------------------------" >> $DIR/framework.properties
        echo "# Auto generated server UUID: $uuid" >> $DIR/framework.properties
        echo "# ----------------------------------------------------------------" >> $DIR/framework.properties
        echo "rundeck.server.uuid = $uuid" >> $DIR/framework.properties
    fi

    ;;

  abort-upgrade|abort-remove|abort-deconfigure)
    :
    ;;

  *)
    echo "postinst called with unknown argument \`$1'" >&2
    exit 1
    ;;
esac

exit 0

